Thanks for your replies/time Jukka. (they prove to be very helpful
for beginners)
Could you elaborate (or, provide a ref/doc, should you have that) on
the below part?
Can I conclude from your reply you'd typically tie a Session to a
User after all if the DAO has to check whether the requested info is
accessible by the user performing the request? In this scenario,
would you typically pass the UserID to the DAO Class where
- a Session is started (in this DAO class)
- the Session is tied to the User (id)
(Or the Sping-equivalent where you'd intercept DAO methods requiring
an ID, to inject these DAO methods with the UserID Spring finds on
this Thread)
Or is there a better JCR-algorithm?
BR,
Wolf
2/ You don't need to tie a Session to a User. Instead, you'd
typically want to tie a Session to a DAO-unit-of-work.
This depend's on your needs. The essential considerations when mapping
sessions to users are access controls and the visibility of transient
changes.
